Validate login-token programatically

Question

I am using SAML authentication in AEM which creates user in AEM. I have written a SamlResponsePostProcessor in which I am obtaining the userid and token of the user using AuthenticationInfo object. These details (userid & token) I am sending it to a separate application. The separate application then needs to makes HTTP call to AEM Servlet APIs by passing this token . Before sending the response I need to validate the authenticity and if the token is expired or not programatically.

How we can validate the token authenticity programatically in AEM 6.5 ?

Anmol_Bhardwaj · Accepted Answer

Hi @ravir73578276 ,You can use SlingAuthenticator.The Sling Authentication Service provides a method called login(HttpServletRequest request) which can be used to validate the authenticity of the user token. Reference: https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-framework.html https://github.com/apache/sling-org-apache-sling-auth-core/blob/master/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java

Pawan-Gupta · Answer

hello,if you refer https://kbwebconsult.com/authentication-handler-in-aem-custom-approach/ and look at method obtainUserId(token) which returns the userid can be used as to cross verify if the token still valid and verify against userid.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded